CVE-2023-49103 Report - Details, Severity, & Advisories
Twingate Team • May 30, 2024
What is CVE-2023-49103?
A high-severity vulnerability, CVE-2023-49103, has been discovered in ownCloud's graphapi app, affecting versions 0.2.x before 0.2.1 and 0.3.x before 0.3.1. This vulnerability exposes sensitive credentials and configuration details in containerized deployments, potentially revealing the ownCloud admin password, mail server credentials, and license key. Systems running the affected versions of ownCloud's graphapi app, particularly containerized deployments, are at risk and should take action to mitigate the vulnerability.
Who is impacted?
If you're using ownCloud's graphapi app, you might be affected by a high-severity vulnerability known as CVE-2023-49103. This issue impacts users of graphapi versions 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The vulnerability exposes sensitive credentials and configuration details in containerized deployments, potentially revealing the ownCloud admin password, mail server credentials, and license key. It's important to be aware of this vulnerability and take necessary precautions to protect your data.
What to do if CVE-2023-49103 affected you
If you're affected by the CVE-2023-49103 vulnerability, it's crucial to take immediate action to protect your sensitive data. Follow these simple steps to mitigate the issue:
Delete the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php.
Disable the phpinfo function in docker-containers.
Change your ownCloud admin password, mail server credentials, database credentials, and object-store/S3 access-key.
Update the affected graphapi app to a secure version.
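The three filesystem-checkable steps above (test file removed, phpinfo disabled, graphapi updated) can be verified with a short audit script; credential rotation cannot be checked this way. This is an added example, not code from ownCloud or from this report: the function names, the php.ini path argument, and reading the version from the app's appinfo/info.xml are assumptions, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example (not ownCloud or Twingate code): check the mitigation steps above.
# Path of the test file from the advisory, relative to the ownCloud root.
PHPINFO_REL="apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php"

# Exit 0 if VERSION is 0.2.x before 0.2.1 or 0.3.x before 0.3.1.
graphapi_vulnerable() {
    case "$1" in
        0.2|0.2.0|0.2.0[.-]*|0.3|0.3.0|0.3.0[.-]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print <version> from appinfo/info.xml (assumed: standard ownCloud app metadata).
graphapi_version() {
    sed -n 's:.*<version>\([^<]*\)</version>.*:\1:p' \
        "$1/apps/graphapi/appinfo/info.xml" 2>/dev/null | head -n 1
}

# Exit 0 if the given php.ini lists phpinfo in an active disable_functions line.
phpinfo_disabled() {
    grep -Eq '^[[:space:]]*disable_functions[[:space:]]*=(.*[,[:space:]"])?phpinfo([,[:space:]"]|$)' "$1" 2>/dev/null
}

# audit_owncloud ROOT PHP_INI: print findings; exit status = number of open findings.
audit_owncloud() {
    findings=0
    if [ -e "$1/$PHPINFO_REL" ]; then
        echo "FINDING: $PHPINFO_REL is still present"; findings=$((findings + 1))
    fi
    ver=$(graphapi_version "$1")
    if [ -n "$ver" ] && graphapi_vulnerable "$ver"; then
        echo "FINDING: graphapi $ver is in an affected range"; findings=$((findings + 1))
    fi
    if ! phpinfo_disabled "$2"; then
        echo "FINDING: phpinfo is not in disable_functions of $2"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Build a constructed (not real) unremediated tree for a dry run; prints its path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/apps/graphapi/appinfo" "$d/$(dirname "$PHPINFO_REL")"
    : > "$d/$PHPINFO_REL"
    echo '<info><id>graphapi</id><version>0.3.0</version></info>' > "$d/apps/graphapi/appinfo/info.xml"
    echo 'disable_functions = exec,system' > "$d/php.ini"
    echo "$d"
}
```

Source the file and call audit_owncloud with the ownCloud root and the container's php.ini; an exit status of 0 means none of the three checks found an open item.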
Is it in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-49103 vulnerability, also known as ownCloud graphapi Information Disclosure Vulnerability, is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on November 30, 2023, with a due date of December 21, 2023. To address this vulnerability, organizations should apply the recommended mitigations or discontinue using the affected product if no mitigations are available.
Weakness Enumeration
This vulnerability is classified under CWE-200, the exposure of sensitive information to an unauthorized actor, in this case through ownCloud's graphapi app.
Learn More
CVE-2023-49103 is a high-severity vulnerability affecting ownCloud's graphapi app, with potential exposure of sensitive credentials and configuration details. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources listed below.